Open resmo opened 3 years ago
It's a cool feature indeed 👍 Maybe the solution is to be able to choose one or the other in configuration.
If the code is also sent by email, why would it be less problematic regarding spam and phishing protection ?
it's not the email that's problematic, it's the link in it which could be seen as a phishing attack.
Okay yes that makes sense. We will consider this !
There is no real challenge here, the only difficulty I see is what to integrate inside Masonite 4 by default. In Laravel community, presets/packages like Jetstream, Breeze, Fortify and what's included in Laravel default have been really confusing for users. Which tool should be used ? It's difficult to provide some auth/users features without enforcing too much how it should be done.
But I am confident that with Masonite 4, we will be able to address this 😉
I was going to close this but we might be able to do this through some classes you can build you own logic around
I was going to close this but we might be able to do this through some classes you can build you own logic around
Yes it would be great. That's on those kind of features that we should pay attention to keep masonite 4 feature philosophy, simplicity and flexible !
Sending links in HTML e-mails for verification is problematic due to spam and phishing protection, the e-mail often does not arrive.
Instead, I suggest the following mechanism: After registration, the user is redirected to a form that requires entering a 6-digit code. This numerical code is sent to the user by email.